Hardware Sizing For Directory Proxy Server

Directory Proxy Server runs as a multithreaded Java program, and is built to
scale across multiple processors. In general, the more processing power available the better,
though you might find that in practice adding memory, faster disks, or faster
network connections can enhance performance more than additional processors.

Configuring Virtual Memory

Directory Proxy Server uses memory mainly to hold information that is being processed.
Complex aggregations for processing some virtual directory requests against multiple data sources may
temporarily use extra memory. If one of your data sources is an LDIF
file, Directory Proxy Server constructs a representation of that data source in memory.
However, unless you use large LDIF data sources, not a recommended deployment practice,
a couple gigabytes of memory devoted to Directory Proxy Server should suffice. You
might want to increase the Java virtual machine heap size when starting Directory
Proxy Server if enough memory is available. For example, to set the Java
virtual machine heap size to 3 gigabytes, use the following command.

This command uses several options which are specific to the Oracle Java virtual
machine. The NewSize and MaxNewSize values are recommended to be 2/3 of the
heap. The default heap size is 1 gigabyte.

Configuring Worker Threads and Backend Connections

Directory Proxy Server allows you to configure how many threads the server maintains
to process requests. You configure this using the server property number-of-worker-threads, described
in number-of-worker-threads(5dpconf). As a rule of thumb, try setting this number to
50 threads plus 20 threads for each data source used. To gauge whether
the number is sufficient, monitor the status of the Directory Proxy Server work
queue on cn=Work Queue,cn=System Resource,cn=instance-path,cn=Application System,cn=DPS6.0,cn=Installed Product,cn=monitor. If you find that the operationalStatus for the work queue is
STRESSED, this can mean thread-starved connection handlers are unable to handle new client
requests. Increasing number-of-worker-threads may help if more system resources are available for
Directory Proxy Server.

The number of worker threads should also be appropriate for the number of
backend connections. If there are too many worker threads for the number of backend connections, incoming
connections are accepted but cannot be transmitted to the backend connections. Such a
situation is generally problematic for client applications.

To determine whether this situation has arisen, check the log files for error
messages of the following type: "Unable to get backend connections". Alternatively, look at the cn=monitor entry for
load balancing. If the totalBindConnectionsRefused attribute in that entry is not null, the
proxy was unable to process certain operations because there were not enough backend
connections. To solve this issue, increase the maximum number of backend connections. You
can configure the number of backend connections for each data source by using
the num-bind-limit, num-read-limit and num-write-limit properties of the data source. If you have
already reached the limit for backend connections, reduce the number of worker threads.

If there are not enough worker threads for the number of backend connections, so much work
can pile up in the server's queue that no new connections can be
handled. Client connections can then be refused at the TCP/IP level, with no
LDAP error returned. To determine if this situation has arisen, look at the
statistics in the cn=monitor entry for the work queue. In particular, readConnectionsRefused and
writeConnectionsRefused should remain low. Also, the value of the maxNormalPriorityPeak attribute should
remain low.

Disk Space for Directory Proxy Server

By default Directory Proxy Server requires up to one gigabyte of local
disk space for access logging, and another gigabyte of local disk space for errors
logging. Given the quantity of access log messages Directory Proxy Server writes
when handling client application requests, logging can be a performance bottleneck. Typically, however, you
must leave logging on in a production environment. For best performance therefore put
Directory Proxy Server logs on a fast, dedicated disk subsystem. See Configuring Directory Proxy Server Logs in Oracle Directory Server Enterprise Edition Administration Guide for
instructions on adjusting log settings.

Network Connections for Directory Proxy Server

Directory Proxy Server is a network-intensive application. For each client application request, Directory
Proxy Server may send multiple operations to different data sources. Make sure the
network connections between Directory Proxy Server and your data sources are fast, with
plenty of bandwidth and low latency. Also make sure the connections between Directory
Proxy Server and client applications can handle the amount of traffic you expect.

If connections will be opened and closed very frequently, consider reducing the TCP
stack's time wait state duration to 1 second. Use the following command on
Solaris (as superuser):

$ ndd -set /dev/tcp tcp_time_wait_interval 1000

For other operating systems, please refer to the operating system documentation.